Groupshield virus problems 1

[greenanr]

I'm Using Mcafee Groupshield for MS Exchange 5.5 and get the following email alert message from the mcafee alert manager:

Attachment Name: N/A
File: Infected.msg
Infected? No
Repaired? No
Blocked? Yes
Deleted? No
Virus Name:

This is sent to the sender whenever they include an attachment or forward an email from someone else. I have scanned all of the client computers with the latest DAT files and not one computer contains a virus of any kind. The quarantine manager reports that a trojan virus "Exploit-MIME.gen.b" was found but I can't find it in any of the messages that the quarantine manager has blocked. I can't even find any reason why it might think that this virus exists (i.e. html email or something).

Any possible suggestions why this might be happening and I would be eternally grateful

Regards

Richard

 

[P3dr0]

In the "On Access" > "Attachments" tab of Groupshield For Exchange in Exchange Admin or "On Access" > "Attachment Blocking" In ePo Orchestrator.


You can choose to block all attachments, specified attachments or no blocking attachments at all.
You can also choose to quarantine the blocked attachments.

Did you check if this options is enabled ?

 

[greenanr]

P3dr0 thanks for your reply.

I do want attachments to be blocked if they contain viruses. This system was set up by a different contractor and I've just been drafted in (nightmare ). However the email system was working well. I have read in other forums that a corrupted SCAN.DAT file from an auto update might cause similar problems. I've re-updated the files from a download. We'll see if that does the trick. The worry though is that the virus scanner seems to be detecting a virus although I can't find it.

Regards

Richard

 

[simonjcook]

Hi there,

I have seen this issue on heavily loaded Exchange servers.

Things to try...
Restart the GroupShield services.
Use the ESE method for on access scanning (if this is a change from the existing on-access scan method, the information store needs to be restarted).
Reboot the server.
Reapply the latest superdat with the /f switch (sdat4367.exe /f).


Regards

Simon J Cook

< Keyboard Error - Press F1 to continue >

 

[simonjcook]

Hi there,

I have seen this issue on heavily loaded Exchange servers and those simply in need of a reboot after a dat update.

Things to try...
Restart the GroupShield services.
Use the ESE method for on access scanning (if this is a change from the existing on-access scan method, the information store needs to be restarted).
Reboot the server.
Reapply the current superdat with the /f switch (sdat4367.exe /f).


Regards

Simon J Cook

< Keyboard Error - Press F1 to continue >

 

[greenanr]

FYI:

I found another post somewhere that said that the downloaded dat file may have been corrupted. As above I downloaded and ran a new dat file and hey presto it seems to work again.

thanks for you help